
Password-based user authentication with Netconf over TLS



Dear all,

To update "NETCONF over TLS" with password-based user
authentication, please find below three proposed profiles:

RFC4279 enables pre-shared key (PSK) based user authentication. Thus:

1. The PSK within NETCONF can be generated from the password using one of
the following ways:
     a. Apply the PKCS#5 KDF on the password, the ClientHello.Random and
the ServerHello.Random,
     b. Replace the PSK (RFC4279) with the result of the KDF.

2. Apply a hash function
     a. MD5 or SHA1 on the password,
     b. Replace the PSK with the hash result.

3. Use the password "as it is" as the PSK in RFC4279.

Requirements for encoding and management interfaces defined in RFC4279
apply to any of the above proposals.

Please feel free to give your preferences, suggestions or alternatives to
the above ways of using passwords with RFC4279.

With my best regards,
Badra

--
archive: <http://ops.ietf.org/lists/netconf/>
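
The three proposals side by side, as an added example that is not part of the original message: it derives a PSK each way over two handshakes and counts how many distinct keys result. PBKDF2-HMAC-SHA1 as the PKCS#5 KDF, the salt order, the iteration count, the output length and all function names are assumptions; the message does not specify them.

```python
import hashlib

# Assumptions (not specified in the message): PBKDF2-HMAC-SHA1 as the PKCS#5
# KDF, salt = ClientHello.Random || ServerHello.Random, iteration count, length.
ITERATIONS = 4096
PSK_LEN = 32

def psk_from_kdf(password, client_random, server_random):
    """Proposal 1: PKCS#5 KDF over the password and both hello randoms."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS hello randoms are 32 bytes each")
    salt = client_random + server_random
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               ITERATIONS, PSK_LEN)

def psk_from_hash(password, algo="sha1"):
    """Proposal 2: unsalted MD5 or SHA1 digest of the password."""
    if algo not in ("md5", "sha1"):
        raise ValueError("the proposal names only MD5 and SHA1")
    return hashlib.new(algo, password.encode("utf-8")).digest()

def psk_raw(password):
    """Proposal 3: the password bytes used directly as the PSK."""
    return password.encode("utf-8")

def distinct_psks(password, sessions):
    """Count distinct PSKs each proposal yields over several handshakes."""
    derived = {"kdf": set(), "hash": set(), "raw": set()}
    for client_random, server_random in sessions:
        derived["kdf"].add(psk_from_kdf(password, client_random, server_random))
        derived["hash"].add(psk_from_hash(password))
        derived["raw"].add(psk_raw(password))
    return {name: len(keys) for name, keys in derived.items()}

# Constructed sample input: two handshakes with fixed, made-up randoms.
SESSIONS = [(bytes([0x11]) * 32, bytes([0x22]) * 32),
            (bytes([0x33]) * 32, bytes([0x44]) * 32)]

if __name__ == "__main__":
    for name, count in distinct_psks("example-password", SESSIONS).items():
        print(f"{name}: {count} distinct PSK(s) over {len(SESSIONS)} handshakes")
```

Only the KDF variant ties the PSK to the handshake randoms; the hash and raw variants produce the same key for every session.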